Date: Sat, 5 Jun 2004 16:21:38 -0400 From: "D.D.W. Downey" <pgpkeys@pgpkeys.net> To: "Thomas Farrell" <info@mvcg.net> Cc: freebsd-questions@freebsd.org Subject: Re: GRE issues Message-ID: <200406051621.41738.pgpkeys@pgpkeys.net> In-Reply-To: <04fc01c44b26$f10d5600$0b0a0a0a@neonduron> References: <20040604063045.E7F0016A4F3@hub.freebsd.org> <200406040302.05691.pgpkeys@pgpkeys.net> <04fc01c44b26$f10d5600$0b0a0a0a@neonduron>
next in thread | previous in thread | raw e-mail | index | archive | help
=2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 05 June 2004 02:00 pm, you wrote: > The link below will show you exactly how to setup GRE tunnels > > http://www.pointless.net/~jasper/consume/docs/my-docs/tunneling.html > > ----- Original Message ----- > From: "D.D.W. Downey" <pgpkeys@pgpkeys.net> > To: <freebsd-questions@freebsd.org> > Sent: Friday, June 04, 2004 3:01 AM > Subject: GRE issues > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > > > Trying to set up GRE here for routing a /29 to the house. I am using the > > following configuration and not sure what the problem is. I get a single > > packet through from the DSL box to the remote box then I get total pack= et > > loss. I can ping the 192.168.3.1 from 192.168.2.1 but not vis versa. > > If i assign an IP to my rl0 on the DSL box from the AssignedBlock it > > pings locally but not from the internet. In fact it bounces back and > > forth > Right on, thank you for that URL. Reinforces that I am on the right track. = I=20 found that URL before I mailed the list and this confirms that I've done th= is=20 correctly. For that I wish to thank you. However, the problem still remains. See, the problem is that from the remot= e=20 side of the tunnel I can ping any IP address I assign lcoally, from the blo= ck=20 I'm trying to route over the gre tunnel. I can ping the local side of the=20 routing from the remote. However, if I ping the remote side of the tunnel=20 (NOT the IPs used in the ifconfig gre1 tunnel <IP1> <ip2> statement, but th= e=20 one used for the link1 statement) it fails to ping. I get exactly *one* pin= g=20 through and recorded and then the rest just "magically" disappear. The loca= l=20 side shows them going out (via ipfw add statements and counting the packets= ),=20 but the far side records only one packet recieved and ping shows one single= =20 successful send. Every packet after that seems to get lost. I've been thinking on this and want to see how far off base I am. So, feel= =20 free to tell me if you see something wrong in my logical thoughts. I have the /29 routed to here on the remote over the gre tunnel. I have=20 another route statement on THIS side (local) for the same block. (My=20 reasoning being that for the packets for that block to be answerable it has= =20 to know to go back over the tunnel. However, in my head that seems wrong=20 since routing is destination based packet routing which means that i'm just= =20 bouncing the packets back and forth over the gre tunnel. It works fine comi= ng=20 from the remote to me because, well that's the correct traffic path. The=20 route on MY side of the tunnel is wrong because I'm saying to route packets= =20 destined for the /29 BACk to the REMOTE side of the tunnel. Obviously not=20 what we want here. The example given on the URL we both have shows 2=20 different /30s being routed across the GRE. I don't have that. I have a=20 single /29 coming TO me locally. Now i need to know how to route any packet= s=20 the /29 generates in response to traffic BACK over the gre TO the remote si= de=20 and of course, back to their origination.=20 OK, so I see I'm doing it wrong with the routing statement on my side (loca= l)=20 of the gre tunnel. How would I route the packets the /29 generates (either= =20 from me just using the IPs outbound with return traffic, or as someone=20 contacting the IPs in the /29 and me responding)? Seems route is only half the answer when dealing with this. =2D --=20 D.D.W. Downey CyberSpace Technologies, Inc. AS64567-OCCAID =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAwitVDQ32jEgJHCgRAqe4AKDJGkz0W+jRzw+ifjo96T+LZaSbHwCbB3OK EK5EA8RbZ+3hxg3bAivXN/A=3D =3Dx11b =2D----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200406051621.41738.pgpkeys>